summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>2010-04-21 19:01:33 +0000
committertpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>2010-04-21 19:01:33 +0000
commit0a9caa3b3716846c944b76795b182caa4050e63a (patch)
tree93edad259cad5c669297858f198ae2bc88b5be28
parent9885131c3e220b351fa05ff9fdee265b7f83549e (diff)
downloadtdebase-0a9caa3b3716846c944b76795b182caa4050e63a.tar.gz
tdebase-0a9caa3b3716846c944b76795b182caa4050e63a.zip
Backport of SVN r1097263 to fix Solaris compilation with [CVE-2010-0436]
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1117290 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
-rw-r--r--kcontrol/randr/krandrtray.cpp6
-rw-r--r--kdm/backend/auth.c49
-rw-r--r--kdm/backend/dm.h1
-rw-r--r--kdm/backend/dm_auth.h6
-rw-r--r--kdm/backend/genauth.c10
-rw-r--r--kdm/backend/util.c15
6 files changed, 56 insertions, 31 deletions
diff --git a/kcontrol/randr/krandrtray.cpp b/kcontrol/randr/krandrtray.cpp
index 3c1317e92..508c4a6ae 100644
--- a/kcontrol/randr/krandrtray.cpp
+++ b/kcontrol/randr/krandrtray.cpp
@@ -74,8 +74,10 @@ KRandRSystemTray::KRandRSystemTray(QWidget* parent, const char *name)
randr_display = XOpenDisplay(NULL);
- last_known_x = currentScreen()->currentPixelWidth();
- last_known_y = currentScreen()->currentPixelHeight();
+ if (isValid() == true) {
+ last_known_x = currentScreen()->currentPixelWidth();
+ last_known_y = currentScreen()->currentPixelHeight();
+ }
}
void KRandRSystemTray::mousePressEvent(QMouseEvent* e)
diff --git a/kdm/backend/auth.c b/kdm/backend/auth.c
index 21b3c5d48..3fb18ac4c 100644
--- a/kdm/backend/auth.c
+++ b/kdm/backend/auth.c
@@ -227,6 +227,21 @@ fdOpenW( int fd )
return 0;
}
+static FILE *
+mkTempFile( char *nambuf, int namelen )
+{
+ FILE *f;
+ int r;
+
+ for (r = 0; r < 100; r++) {
+ randomStr( nambuf + namelen );
+ if ((f = fdOpenW( open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 ) )))
+ return f;
+ if (errno != EEXIST)
+ break;
+ }
+ return 0;
+}
#define NAMELEN 255
@@ -234,9 +249,7 @@ static FILE *
MakeServerAuthFile( struct display *d )
{
FILE *f;
-#ifndef HAVE_MKSTEMP
- int r;
-#endif
+ int i;
char cleanname[NAMELEN], nambuf[NAMELEN+128];
/*
@@ -248,22 +261,11 @@ MakeServerAuthFile( struct display *d )
if (mkdir( authDir, 0755 ) < 0 && errno != EEXIST)
return 0;
CleanUpFileName( d->name, cleanname, NAMELEN - 8 );
-#ifdef HAVE_MKSTEMP
- sprintf( nambuf, "%s/A%s-XXXXXX", authDir, cleanname );
- if ((f = fdOpenW( mkstemp( nambuf ) ))) {
+ i = sprintf( nambuf, "%s/A%s-", authDir, cleanname );
+ if ((f = mkTempFile( nambuf, i ))) {
StrDup( &d->authFile, nambuf );
return f;
}
-#else
- for (r = 0; r < 100; r++) {
- sprintf( nambuf, "%s/A%s-XXXXXX", authDir, cleanname );
- (void)mktemp( nambuf );
- if ((f = fdOpenW( open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 ) ))) {
- StrDup( &d->authFile, nambuf );
- return f;
- }
- }
-#endif
return 0;
}
@@ -1131,19 +1133,8 @@ SetUserAuthorization( struct display *d )
* temporary - we can assume, that we are the only ones
* knowing about this file anyway.
*/
-#ifdef HAVE_MKSTEMP
- sprintf( name_buf, "%s/.XauthXXXXXX", d->userAuthDir );
- new = fdOpenW( mkstemp( name_buf ) );
-#else
- for (i = 0; i < 100; i++) {
- sprintf( name_buf, "%s/.XauthXXXXXX", d->userAuthDir );
- (void)mktemp( name_buf );
- if ((new =
- fdOpenW( open( name_buf, O_WRONLY | O_CREAT | O_EXCL,
- 0600 ) )))
- break;
- }
-#endif
+ i = sprintf( name_buf, "%s/.Xauth", d->userAuthDir );
+ new = mkTempFile( name_buf, i );
if (!new) {
LogError( "Can't create authorization file in %s\n",
d->userAuthDir );
diff --git a/kdm/backend/dm.h b/kdm/backend/dm.h
index 5f81e24b9..c05d4c865 100644
--- a/kdm/backend/dm.h
+++ b/kdm/backend/dm.h
@@ -542,6 +542,7 @@ const char *localHostname( void );
int Reader( int fd, void *buf, int len );
int Writer( int fd, const void *buf, int len );
int fGets( char *buf, int max, FILE *f );
+void randomStr( char *s );
time_t mTime( const char *fn );
void ListSessions( int flags, struct display *d, void *ctx,
void (*emitXSess)( struct display *, struct display *, void * ),
diff --git a/kdm/backend/dm_auth.h b/kdm/backend/dm_auth.h
index ccf4697b8..28725ee8d 100644
--- a/kdm/backend/dm_auth.h
+++ b/kdm/backend/dm_auth.h
@@ -96,4 +96,10 @@ void AddOtherEntropy( void );
void AddTimerEntropy( void );
#endif
+#ifdef HAVE_ARC4RANDOM
+# define secureRandom() arc4random()
+#else
+int secureRandom( void );
+#endif
+
#endif /* _DM_AUTH_H_ */
diff --git a/kdm/backend/genauth.c b/kdm/backend/genauth.c
index 2978851e1..6da95cce0 100644
--- a/kdm/backend/genauth.c
+++ b/kdm/backend/genauth.c
@@ -488,3 +488,13 @@ GenerateAuthData( char *auth, int len )
# endif
#endif
}
+
+#ifndef HAVE_ARC4RANDOM
+int
+secureRandom( void )
+{
+ int rslt;
+ GenerateAuthData( (char *)&rslt, sizeof(int) );
+ return rslt & 0x7fffffff;
+}
+#endif \ No newline at end of file
diff --git a/kdm/backend/util.c b/kdm/backend/util.c
index c3e9a520c..b980862f1 100644
--- a/kdm/backend/util.c
+++ b/kdm/backend/util.c
@@ -35,6 +35,7 @@ from the copyright holder.
*/
#include "dm.h"
+#include "dm_auth.h"
#include "dm_error.h"
#include <string.h>
@@ -519,6 +520,20 @@ mTime( const char *fn )
return st.st_mtime;
}
+void
+randomStr( char *s )
+{
+ static const char letters[] =
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ unsigned i, rn = secureRandom();
+
+ for (i = 0; i < 6; i++) {
+ *s++ = letters[rn % 62];
+ rn /= 62;
+ }
+ *s = 0;
+}
+
static int
StrNChrCnt( const char *s, int slen, char c )
{